Please note that data subjects have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK regulator for data protection issues (www.ico.org.uk) in respect of the UK GDPR; or The National Data Protection Commission (Commission Nationale pour la Protection des Données – CNPD), the Luxembourg supervisory authority for data protection issues (https://cnpd.public.lu/en.html) in respect of the EU GDPR. We would, however, appreciate the chance to deal with data subjects’ concerns before they approach the ICO or CNPD, so please contact us in the first instance.
It is important that the personal data we hold about data subjects is accurate and current. Please keep us informed if any of the data subjects’ personal data that you provided in relation to the Data Sharing Activities changes. We will ask you to maintain the accuracy of your responses within the survey through email reminders.
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We also collect, use and share “Aggregated Data” which is statistical data about the performance of Agents. Aggregated Data could be derived from personal data but is not considered personal data in law as this data will not directly or indirectly reveal an identifiable person.
We do not collect any special categories of personal data (therefore, we do not collect details about race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to allow you to continue as a provider on The Knowledge Group Marketplace). In this case, we will notify you if this is the case at the time, and we may have to terminate our contract with you.
We use different methods to collect data from and about you and your third parties including through:
Direct interactions. You will give us personal data by filling in the tkg Supplier Onboarding Survey and use by you of The Knowledge Group Marketplace. You may also share performance data about Agents with us, which must be provided in an anonymised form.
Automated technologies or interactions. As you interact with The Knowledge Group, we will automatically collect Technical Data and Profile and Transaction Data about your equipment and activity. We may collect this personal data by using cookies and other similar technologies.
We will only use personal data when the law allows us to. Most commonly, we will use personal data in the following circumstances:
We have set out below, in a table format, a description of the ways we plan to use personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process personal data for more than one lawful ground depending on the specific purpose for which we are using the data. Please contact us if you need details about the specific legal ground we are relying on to process personal data where more than one ground has been set out in the table below.
We may use your data to form a view on what we think you may want or need, or what may be of interest to you, from us or third parties. This is how we decide which services and offers may be relevant for you.
You will receive marketing communications from us if you have requested information from us or use The Knowledge Group Marketplace and you have not opted out of receiving that marketing. You may also receive marketing from third parties if we share your personal data with them (please see below for further detail in the section Disclosures of your personal data).
You can ask us to stop sending you marketing messages at any time by contacting us at any time.
We will only use the personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
You confirm that you are authorised by the data subjects for us to provide any necessary information for UK GDPR or EU GDPR purposes to you on their behalf as their agent, and you will therefore, convey that information to them.
Please note that we may process personal data without the data subjects’ knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
We may share personal data with the parties for the purposes set out below:
By being a provider on The Knowledge Group Marketplace, you acknowledge that personal data may be transferred outside the UK in the following ways:
Whenever we transfer personal data out of the UK or EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented (as applicable, depending upon whether it is a transfer from the UK or EEA):
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK.
We have put in place appropriate security measures to seek to prevent personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to personal data to staff who have a business need to know. They will only process personal data on our instructions, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We were granted a Cyber Essentials certificate on June 30th 2022 by the industry body in recognition of our compliance to the defined standards for corporate data security.
We will only retain personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. Further details are available by contacting us.
We may retain personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you or a data subject.
Under certain circumstances, data subjects have rights under data protection laws in relation to their personal data as follows:
If data subjects wish to exercise any of the rights set out above, please contact us.
Data subjects will not have to pay a fee to access their personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if their request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with their request in these circumstances.
We may need to request specific information from you to help us confirm the respective data subject’s identity and ensure their right to access their personal data (or to exercise any of their other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to their request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if the request is particularly complex or the data subject has made a number of requests. In this case, we will notify you and keep you updated, as their agent.